I am after some advice, I would like to learn more about finding bugs and using this to make exploits. I am very new to this sort of area and not sure best place to start. Are there any good website or books that take you from complete newbie to a intermediate level or beyond?

There are a few angles to think about when finding bugs. You can fuzz apps to find bugs, you can do manual code review (which is likely not possible unless you have the code) or you can do reverse engineering.

I have gotten the "Hacking: The art of exploitation" which is a really good book, however that was after I started developing my own exploits.

Initally I looked at null threats blog which really got me hooked on exploit development except I didn't use metasploit, but rather started learning some python and recreating an exploit from scratch from the exploit db using the concept he shows in the videos.

That was all in the lead up to starting pwb which has a good section on exploit development, but as I'd done it before some people said I was at an advantage.

Last edited by TheXero on Tue Sep 20, 2011 10:19 am, edited 1 time in total.

Thanks for the links what best OS to use ? also what good tools to use I know the books would recommend some tools but would like to try have play before I get the books Smiley thanks

The OS will depend on what SW you try to find the bugs, you can find good tools both for Win and Linux (I'm sure also for OS X, but I don't have any experience there), for example, regarding debuggers on Linux you have gdb, while on Win you have Windbg (you'll want to start with Immunity Debugger or OllyDbg though). Regarding other fuzzers, it will depend once again on what kind of SW you're fuzzing. So there's no an all-fit-one tool.

In this case, different from your last post....when you're debugging or RE an application for Windows, you'll likely be using Windows as your OS. I think its possible to do cross debugging but I have zero experience with that.

I always use a windows box to debug windows apps with Immunity debugger. Corelan has a tremendous plugin called mona.py that can really speed up exploit development, especially if you want to create metasploit modules. I think IDA has a Linux version but I'm not sure. Mambru has more RE experience than I do and can give you better advice on that.

Aside from the reading, operating system is only relevant to what you want to find "faults" with. Fuzzing is nothing more than fault injection. You likely would yield little results fuzzing Windows files on a Nix box. There are plenty of tools on Windows systems that can help you: PaiMei, Klocwork Architect, Codenomicon, Protos, etc.

The key to benefitting though is to focus on understanding why an application is behaving in a method that causes it to act outside of the norm. This will include knowing and understanding a lot of machine code (Assembly) as well as understanding debugging. For debugging on Windows I use WinDBG for almost everything. From time to time I may plop in and out of Olly or Immunity Debugger, but WinDBG has been very useful to me.

When I was getting deeper into debugging and figuring things out, I followed Vostokov heavily:

There is a lot to know for Windows including literally living on MSDN for months reading up on calls, instructions, etc. This was primarily for Windows mind you. *nix based fuzzing is a bit different because of the variants (Linux, BSD, Solaris, HPUX, QNX, etc). Almost all handle things differently.

Fuzzing involves more than just tools. What's the point of aiming tools to find a crash if you don't know how to capitalize on that crash.

WOW! lots great resource that I will be checking out but I am total new to this sort of thing what book would be the best starting places as some I have looked at have assumptions. I know this hard question to answer.

I have some programing language skill's in Java and mainly web based stuff. I have never done any C,C++ or assembly. so I like fish out water I need like idiots guide to exploits as taking this up more of something to learn in my spare time. I just want to start from bottom and get better.